On Tue, May 8, 2018 at 5:41 PM Canek Peláez Valdés <can...@gmail.com> wrote:
> On Tue, May 8, 2018 at 4:33 PM <mad.scientist.at.la...@tutanota.com> wrote: > > > > So are there currently any languages (currently in use/supported) designed to avoid the problems with C and other languages? > > > > Something with strong types and provisions for automatic input validation beyond typing, i.e. range limitation? > > > > Something that compiles, something that doesn't self optimize (math may be good, but just like encryption the implementation can be flawed/exploitable due to various errors). Because you can't validate a moving target. > > > > something that strongly isolates data from code, something that protects the heap and stack aggressively (other than just os implemented mechanisms like stack canaries). > > > > Any suggestions? I'm going to be picking up programming again and I'd greatly prefer spending my time using a language that has security built in rather than depend on the application programmer adding protections after the fact. > > > > I'll still have to learn C as well, so I can understand/modify existing code but I'd like to be as proactive as possible about security and reliability in what I write. And again, something that compiles. Not specificly looking at writing web apps per say, though i'd also be interested in any well secured/proactive languages for some internet/LAN usage. > I think Go and Rust would fit the bill. Ada is the traditional example of this as well. Most high-level languages avoid a lot of the issues with C since they do their own memory management/etc. On the flip side a lot of them are not statically typed which can cause all kinds of runtime issues. Languages like Go/Rust/Ada which are statically typed but also which do their own memory management are probably the best of all world. Then again, they can also be more painful to work with. I can't rigorously compare them. I know Rust tends to be intended to be more suitable for systems programming (leaner/etc), and I believe Go tends to handle concurrency/etc and seems to be very much in fashion for general-purpose programming these days. I'm not sure how either compares to Ada, which has been around for a long time. -- Rich
